OS Command Injection via Config File Upload in WebUI

Summary

A remote attacker with administrator-level access can execute arbitrary OS commands due to improper input neutralization during configuration file upload via the web user interface.

Impact

Successful exploitation may lead to complete device takeover, compromising confidentiality, integrity, and availability.

CVSS Metrics

CWE Information

Action Information